SASL, slapd internal searches



A little while back I committed some changes to the sasl/saslauthz code to
make sure that it enforced ACLs on all the internal searches it performs. I
think some of these changes are wrong/unnecessary. Really, the point of an
ACL is to control what an external user can see/touch. When slapd is
performing a search to map an authID to a DN, I think this should be treated
as a root-privileged operation, ignoring access controls. Aside from the DN
itself, nothing about the entry is ever exposed to any external user.
Comments?

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc
  Symas: Premier OpenSource Development and Support